[PATCH] confdata: fix invalid write

Hit when using buildroot. I use MALLOC_CHECK_ and MALLOC_PERTURB_ in my environment, so these kinds of things pop up every now and then :). Please keep me CC'd; I am not subscribed.

Thanks,

--Ben

Ben Boeckel (1):
  confdata: fix invalid write

 extra/config/confdata.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--
2.6.1

strndup will copy *up to* the size parameter, not allocate a buffer of that size, so the buffer is not necessarily large enough to fit the ".old" extension. Caught with glibc's MALLOC_CHECK_=3. Signed-off-by: Ben Boeckel <mathstuf@gmail.com> --- extra/config/confdata.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/extra/config/confdata.c b/extra/config/confdata.c index 61c91c2..94c63c0 100644 --- a/extra/config/confdata.c +++ b/extra/config/confdata.c @@ -814,7 +814,8 @@ next: fclose(out); if (*tmpname) { - dirname = strndup(basename, strlen(basename) + 4); + dirname = malloc(strlen(basename) + 4 + 1); + strcpy(dirname, basename); strcat(dirname, ".old"); rename(newname, dirname); free(dirname); -- 2.6.1
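Review bot: the pointer returned by the new `malloc(strlen(basename) + 4 + 1)` goes straight into `strcpy(dirname, basename)` with no NULL check, so an allocation failure here becomes a NULL dereference; test `dirname` before the copy and skip the rename when it is NULL. The literal `4` would be clearer as `strlen(".old")` (or `sizeof(".old")` in place of `4 + 1`) so the buffer size stays tied to the suffix that `strcat` appends. The return value of `rename(newname, dirname)` in the unchanged context is also ignored, so a failed backup goes unreported.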

Hi Ben,

Ben Boeckel wrote,
strndup will copy *up to* the size parameter, not allocate a buffer of that size, so the buffer is not necessarily large enough to fit the ".old" extension.
Caught with glibc's MALLOC_CHECK_=3.
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>

Thanks. Applied and pushed,
best regards
Waldemar
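The size mismatch described in the commit message, as an added example that is not part of the original thread or the project's code: it compares the bytes glibc's strndup requests with the bytes the ".old" name needs, and builds the name with a checked allocation. The helper names `strndup_alloc_size` and `append_suffix` and the sample file name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes glibc's strndup(s, n) requests: min(strlen(s), n) characters plus
 * the terminating NUL. A larger n never enlarges the buffer. */
static size_t strndup_alloc_size(const char *s, size_t n)
{
    size_t len = strlen(s);
    return (len < n ? len : n) + 1;
}

/* Hypothetical helper: return a newly allocated base+suffix string, or NULL
 * on size overflow or allocation failure. The caller frees the result. */
static char *append_suffix(const char *base, const char *suffix)
{
    size_t blen = strlen(base), slen = strlen(suffix);
    char *out;

    if (blen > SIZE_MAX - slen - 1)
        return NULL;                      /* blen + slen + 1 would wrap */
    out = malloc(blen + slen + 1);
    if (!out)
        return NULL;
    memcpy(out, base, blen);
    memcpy(out + blen, suffix, slen + 1); /* copies the suffix and its NUL */
    return out;
}

int main(void)
{
    const char *name = ".config";         /* constructed sample value */
    size_t need = strlen(name) + strlen(".old") + 1;
    size_t got = strndup_alloc_size(name, strlen(name) + 4);
    char *oldname = append_suffix(name, ".old");

    /* The old code then ran strcat(dirname, ".old") into the smaller buffer. */
    printf("needed %zu bytes, strndup requested %zu\n", need, got);
    if (!oldname)
        return 1;
    printf("backup name: %s\n", oldname);
    free(oldname);
    return 0;
}
```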